Citrix Receiver Pass Through Not Working

Hi There,

I have an installation of StoreFront 2.1 setup and the legacy support setup (so as to use the webservice type option) All security is setup i.e. pass through.
(Setup on a windows 2008 r2 box 64bit)

I have setup the domain policy as recomeneded for Citrix Pass through.

I have installed Citrix Receiver Enterprise 3.3 on a workstation (file version shows as

The installation has been done as I would have if using webinterface and that is to do this:-
CitrixReceiverEnterprise.exe /silent /includeSSON ADDLOCAL="ReceiverInside,ICA_Client,SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d" SERVER_LOCATION="http://"My storefront server"/Citrix/VisiCAD/PNAgent/config.xml" ENABLE_SSON="Yes"

OK so with this done and a restart the citrix receiver is installed and when i go into the about settings i can see Pass through is set correct. Also the icons of the app appear on the desktop so all looks great BUT I then double click the app and get the following message:
Citrix Receiver
The credentials supplied were invalid. Please try again.

Just to reconfirm I have done the recomended settings on the store front for pass through i.e. config as follows:

and as mentioned above the Policy setting for Citrix and just to confirm the user logging on has full access to the application (I can test this by changing the setings to prompt for a user entry and the app will load if I key in the same log in details!!!!)

I can also confirm that IIS 7.5 has the authentication settings enabled.

For info on this machine where the receiver is installed if i change that to use a webinterface installation (Pre storefront) it works with no errors.

Hope someone can help please :)

Big thanks,

Who is Participating?
objectivityConnect With a Mentor Author Commented:
Hi There cant beleive it fixed the issue.

I enabled storefront tracing and found there is an extra config you have to chage. Unfortunately there is no gui anymore for services so you just have to do it all yourself :)

So basically you do this and it works; thats it!!!!!!
C:\inetpub\wwwroot\Citrix\[storefront name]\web.config

Set the logonMethod to sson
    <pnaProtocolResources changePasswordAllowed="Never" logonMethod="sson" kerberosEnabled="false" changePasswordMethod="Proxy" changePasswordUrl="">

This is on top of all the other stuff you have to do manual as well.

Thanks for your input anyway


Daniel BorgerSenior Citrix Engineer- CCEECommented:
It's been a while since I saw this issue but I had these links saved as a resolution.

I was on a project and ended up using the default website in Xendesktop to get the icons to work at first.
objectivityAuthor Commented:
Hi Thanks for the reply.

I can say I have tried/checked these links for info they mention storefront 1.1 and we are using 2.1 and I know there have been some changes in the version.

We are using kerberos settings and configured as per recomendations. With this I get the icons on the screen and the pass-through in the receiver but when you double click the icons you get the error.

For info if i do the same settings with webinterface there are no problems!!!!!!

I have also configured all the IIS settings for pass-though too.

Oh and the storefront shows the correct name to match the server name. i.e. when i run
setspn –L <hostname of Storefront server>

This has turned into a frustrating one.

Big thanks,

Daniel BorgerSenior Citrix Engineer- CCEECommented:
I doubled back to the customer I worked with and it seems we ended up using web interface with for just the PNagent on the xendesktops. I had a case open with Citrix and was not getting anywhere.
objectivityAuthor Commented:
This solution makes the reciver to storefront 2.1 pass-through authentication work.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.